[dns-operations] DNS deluge for x.p.ctrc.cc

Roland Dobbins rdobbins at cisco.com
Mon Feb 27 17:03:23 UTC 2006

1.	Spoofed traffic isn't the -only- problem.  It's a big problem, but  
far from the
	whole enchilada, heh.

2.	This isn't the BCP/38-cum-BCP/84 mailing list, it's the DNS-ops  
mailing list.
	So, of course the focus is on DNS.


On Feb 27, 2006, at 3:12 AM, Geo wrote:

> Folks,
> I think most of you are too into DNS to see the real problem and  
> the only
> workable solution I can think of. The problem isn't DNS  
> exploitation, it's
> tcp/ip exploitation, ie spoofed traffic.
> The solution is ingress/egress filters and finding a good way to test
> netblocks to see if they are filtering for spoofed traffic  
> originating on
> their netblock. If you can't spoof with an outside IP, the damange  
> you can
> do is limited to the netblock you are on or at the least makes it  
> easy to
> track back to your netblock.
> Geo.
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.oarci.net
> http://lists.oarci.net/mailman/listinfo/dns-operations

Roland Dobbins <rdobbins at cisco.com> // 408.527.6376 voice

      Everything has been said.  But nobody listens.

                    -- Roger Shattuck

More information about the dns-operations mailing list